[10-01-24]--We’re Lowering the Requirement for Entry Level to Just 8 Years of Experience
CISO Series Podcast
We’re Lowering the Requirement for Entry Level to Just 8 Years of Experience
Is the cybersecurity talent shortage a self-inflicted wound? It seems like we're caught in a vicious cycle of employers not being honest about the roles they need to fill, leading to candidates inflating resumes to have a chance at them. We're constantly discussing understaffing, so why isn't the situation improving?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is Steve Person, CISO, Cambia Health.
The changing CISO landscape
The evolving role of the CISO takes on a new meaning in light of new litigation, primarily kicked off by the prosecution of former Uber CEO Joe Sullivan. CISOs assuming new roles should negotiate for independent legal representation and ensure comprehensive indemnity across civil, regulatory, and criminal liabilities. Prospective CISOs must clearly define their role in external communications, especially during security incidents. Umbrella insurance and understanding corporate risk appetite are also crucial elements of protection. This boils down to determining if the position offered means genuinely being a C-level executive or merely having the title, as this misalignment can lead to personal liability, with many companies treating CISOs like officers without the official capacity.
Rethinking the cybersecurity talent shortage
Is the cybersecurity talent shortage self-inflicted? Some signs, like poor pay, overly competitive cultures, and HR mismanagement, point to it. They’re all real problems, as pointed out in a recent cybersecurity subreddit post. However, potential solutions like mentorship, training, and engaging with underserved communities exist. Security leaders must actively invest in the next generation of professionals, with mentorship being a key tool to build the talent pipeline. If this is self-inflicted, a lot of the problem comes down to the HR function mishandling job descriptions and relying heavily on keyword filtering, which can block qualified candidates from advancing. To make a difference, we need to focus on practical solutions like interactive hiring filters and closer involvement in job descriptions to ensure we get better talent matches.
Sharpening your CISO skills
Becoming a new CISO can feel like being dropped into the deep end of business complexity. Many new CISOs quickly realize that technical expertise is only a fraction of what's needed to succeed, noted Christine Wong in a recent CSO Online piece. To truly thrive, CISOs must understand how various business functions like marketing, finance, and operations work. This requires learning the nuances of the business. As a CISO, it doesn’t hurt to brush up on accrual accounting! Building these skills involves networking, mentorship, or even pursuing formal business education, like an MBA. No one is fully prepared for the first CISO role. However, a strong grasp of risk management and a deep understanding of the organization's business ecosystem will help new CISOs hit the ground running and align their priorities with the broader company goals. Success in this role is about more than securing systems—it's about speaking the language of business.
Do CISOs need to go back to school?
Advanced degrees often aren’t required in the cybersecurity industry. There are a lot of questions about when you should pursue an MBA or PhD, leading to a very active thread on the cybersecurity subreddit. While degrees are valuable for critical thinking and well-roundedness, the key to preparing future cybersecurity talent lies in hands-on experience, such as programs like Oregon State University’s ORTSOC, where students manage a live SOC. This real-world exposure helps students determine if cybersecurity is right for them. There’s also value in cybersecurity minors tailored to different degree programs, such as software architecture or marketing, ensuring students across disciplines gain essential security skills. The takeaway? Formal education should complement practical experience, providing graduates with critical thinking abilities and industry-relevant know-how.
Listen to the full episode on our blog, where you can also read the entire transcript, or on your favorite podcast app. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Jonathan Waldrop, CISO, The Weather Company for providing our “What’s Worse” scenario.
Thanks to our podcast sponsor, Vanta
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
What I love about cybersecurity…
"The reason I really first came to fall in love with security is that it sits right in the intersection of technology, data, and human behavior sort of psychology. And after now working in this field for about 15 years, the thing that I really love most is that it's really an unsolved problem. It's got a simple and noble mission. There are a lot of brilliant people, passionate people working on it, but it's really in its infancy, and there's just so much room for creativity and disruption." - Steve Person, CISO, Cambia Health.
Listen to the full episode of "We’re Lowering the Requirement for Entry Level to Just 8 Years of Experience."
Is It Possible to Inject Integrity Into AI?
"I don’t like the tools being things that we don’t hold in our own hands. The hammer is in your head, you’re using it. So, who validates that the hammer has integrity? Well, you do. And you do it with the vendor who sold it to you, and you hold yourself and the vendor accountable. You’re both responsible there, and that’s how it should work." - Davi Ottenheimer, vp, trust and digital ethics, Inrupt.
Listen to the full episode of "Is It Possible to Inject Integrity Into AI?"
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jonathan Waldrop, CISO, The Weather Company.
Thanks to our Cyber Security Headlines sponsor, SpyCloud
CISO Series!
Celebrating 6 Years with CISO Series
We got the best present for the CISO Series 6th anniversary: testimonials from our listeners! David Spark hit the show floor at Black Hat 2024 to ask attendees why they love the CISO Series. What resonated with people was the diversity of the content, our concise Cyber Security Headlines show that keeps them in the know, and our role in improving relationships between CISOs and vendors. We love hearing from our listeners and are thrilled that what we do resonates with the cybersecurity community.
Sponsored Content!
Risk Management in Real Time with Safe Security…
Join us for a groundbreaking announcement in cyber risk quantification and management. Today, Safe Security unveils SafeX, its new AI-powered mobile application designed to simplify and automate cyber risk assessment. Available on Android and iOS, SafeX uses AI to provide insights and recommendations tailored to your business's unique risk profile. Whether you're a seasoned CISO or just exploring, get real-time answers and actionable intelligence through a user-friendly interface.
Saket Modi, co-founder and CEO, spoke with me about how SafeX can transform your cybersecurity strategy by integrating your data and offering context-aware risk management. Visit https://www.safe.security to download and explore the app today.
Thanks to our sponsor, Safe Security
Super Cyber Fridays!
Join us this Friday [10-04-24] for "Hacking Job Stagnation"
Join us Friday, October 04, 2024, for “Hacking Job Stagnation: An hour of critical thinking about what to do when you're stuck in a rut.”
It all begins at 1 PM ET/10 AM PT on Friday, October 04, 2024, with guests Keith Townsend, Chief Technology Advisor, The Futurum Group, and Steve Zalewski, co-host, Defense in Depth. We'll have a fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.